General
- Target: C4Loader.exe
- Size: 126KB
- Sample: 221107-v78vbsabc3
- MD5: fe189d6f17ac70da642777a955b699cc
- SHA1: 6dd9ab32e1bcc97bacee5d55498d78478e28a489
- SHA256: 3c9481224a7c8ba107be9850b1cb62159867a780c1afcf75bb4a47bdbf042bc2
- SHA512: 20379862c6253ade42ba5d5cc6fe6c40d4a15d85fe48514670381199a5aaf5c705a640e0749f4c00f38b58b909b33a02ccca338bc81a7b080e078b6bb8a2cb9f
- SSDEEP: 3072:vbQwc8GhRcGlcxE7Gi5NPf5uE5E6fRyF3HfPbGmX2w3KyPzapXc:vbJsFl26f5s6f+G63KyPz+Xc
Static task: static1
Behavioral task: behavioral1
- Sample: C4Loader.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: C4Loader.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
- 1: 107.182.129.73:21733
- auth_value: 3a5bb0917495b4312d052a0b8977d2bb
Targets
- Target: C4Loader.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Stops running service(s)
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext